Here are all the informants and undercover employees listed in the criminal complaint against Erick Hendricks, who was arrested for conspiring to materially support ISIL in relation to the Garland, TX attack:

CHS-1: a paid informant for the last year and a half with a criminal record of fraud and forgery who has not (yet?) received sentencing benefits for his cooperation; he met with Hendricks in Baltimore.

CHS2: a paid informant for the last 4 years with no known criminal history; he posed as someone wanting to join ISIL.

CHS-3: a paid informant for the last 4 and a half years with no known criminal history; Hendricks instructed CHS-3 to assess UCE-1 for recruitment.

CHS-4: a paid informant for the last 4 years with no known criminal history; Hendricks provided him with jihadist propaganda on social media. He also met with Hendricks in Baltimore, at a later date.

UCE-1: an undercover officer had conversations directly with Hendricks that mirrored those Hendricks had with a cooperating witness. UCE-1 also incited and then was present for the Garland attack.

Hendricks claims to have been a paid informant of the FBI since 2009 who helped the agency identify potential terrorists. Code name: “Ahkie,” a variation of the Muslim term for “brother.”

He also claims to have been an outspoken and longtime opponent of radical Islam.

“I have publicly, privately and consistently denounced Al-Qaeda, ISIS and all extremist groups,” Hendricks said in a statement that Lisa Woods says her son dictated during a Wednesday phone call from the jail.

“I am baffled as to why the FBI (is) accusing me of terrorist ties.”

[snip]

In his statement, Hendricks says the FBI first made contact with him in 2009, when as Mustafa Abu Maryam, Hendricks was the youth coordinator of the Islamic Circle of North America Center in Alexandria, Va.

[snip]

In his jail statement, Hendricks says he was recruited in 2009 by an FBI agent named David to help identify potential terrorists. In 2010, after Hendricks had moved to Columbia, he says he worked with another FBI agent named Steve. Altogether, Hendricks claims to have developed “at least a half-dozen” cases against extremists.

Has the FBI simply lost track of who are real and who are the people it is paying to play a role? Or is it possible someone from another agency, claiming to be FBI, recruited Hendricks (don’t laugh! That’s one potential explanation for Anwar al-Awlaki’s curious ties to US law enforcement, a story that wends its way through a related mosque in VA)?

Sure, maybe Hendricks is making all this up (at the very least, it may necessitate the BoP to protect him in prison since he has now publicly claimed to be a narc). But FBI’s network of informants sure is getting confusing.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

https://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.png00emptywheelhttps://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.pngemptywheel2016-08-12 10:16:172016-08-12 11:23:55Maybe FBI Has Lost Track of Who the Informants Are?

When I first realized that FISA Court Presiding Judge Thomas Hogan picked her to serve as amicus for the review of the yearly 702 certifications last year, I complained that she, not Marc Zwillinger, got selected (the pick was made in August, but Jeffress would later be picked as one of the standing amicus curiae, along with Zwillinger). After all, Zwillinger has already argued that PRISM (then authorized by Protect America Act) was unconstitutional when he represented Yahoo in its challenge of the program. He’s got experience making this precise argument. Plus, Jeffress not only is a long-time national security prosecutor and former top Eric Holder aide, but she has been involved in some actions designed to protect the Executive. I still think Zwillinger might have done a better job. But Jeffress nevertheless made what appears to be a vigorous, though unsuccessful, argument that FBI’s back door searches of US person data are unconstitutional.

A former top DOJ lawyer believes FBI’s back door queries are unconstitutional

But it says a lot that Jeffress — someone who narrowly missed being picked as Assistant Attorney General for National Security and who presumably got at least some visibility on back door searches when working with Holder — argued that FBI’s warrantless back door searches of communications collected under Section 702 is unconstitutional. (I presume it would be unethical for Jeffress to use information learned while counseling Holder in this proceeding, which might have put her in an interesting position of knowing more than she could say.)

Sadly, Hogan didn’t care. Worse, his argument for not caring doesn’t make sense. As I’ll note, not only did Hogan pick a less than optimal person to make this argument, but he may have narrowly scoped her input, which may have prevented her from raising evidence in Hogan’s own opinion that his legal conclusion was problematic.

To be clear, Jeffress was no flaming hippie. She found no problem with the NSA and CIA practice of back door searches, concluding, “that the NSA and CIA minimization procedures are sufficient to ensure that the use of U.S. person identifiers for th[e] purpose of [querying Section 702-acquired information] complies with the statutory requirements of Section 702 and with the Fourth Amendment.” But she did find the FBI practice problematic.

Jeffress’ amicus brief included at least 10 pages of discussion of her concerns with the practice, though ODNI did not release her brief and Hogan cited very limited bits of it. She argued, “the FISA process cannot be used as a device to investigate wholly unrelated ordinary crimes” and said because the queries could do so they “go far beyond the purpose for which the Section 702-acquired information is collected in permitting queries that are unrelated to national security.”

To dismiss Jeffress’ arguments, Hogan does several things. He,

Notes the statute requires foreign intelligence just be “a significant purpose” of the collection, and points back to the 2002 In Re Sealed Case FISCR decision interpreting the “significant purpose” language added in the PATRIOT Act to permit the use of traditional FISA information for prosecutions

Cites the FISA minimization procedure language that “allow[s] for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed”

Dismisses a former top DOJ official’s concerns about the use of FISA data for non-national security crimes as “hypothetical”

Doesn’t address — at all — language in the FBI minimization procedures that permits querying of data for assessments and other unspecified uses

Invests a lot of faith in FBI’s access and training requirements that later parts of his opinion undermine

There are several problems with his argument.

In Re Sealed Case ties “significant purpose” to the target of an interception

First, Hogan extends the scope of what the FISA Court of Review interpreted the term “significant purpose,” which got added to traditional FISA in the PATRIOT Act and then adopted in FISA Amendments Act.

Hogan cites the FISCR decision in In Re Sealed Case to suggest it authorized the use of information against non-targets of surveillance. He does so by putting the court’s ultimate decision after caveats it uses to modify that. “The Court of Review concluded that it would be an “anomalous reading” of the “significant purpose” language of 50 U.S.C. § 1804(a)(6)(B) to allow the use of electronic surveillance in such a case. See id. at 736. The Court nevertheless stressed, however, that “[s]o long as the government entertains a realistic option of dealing with the agent other than through criminal prosecution that it satisfies the significant purpose test.”

But that’s not what FISCR found. Here’s how that reads in the original, with Hogan’s citations emphasized.

On the one hand, Congress did not amend the definition of foreign intelligence information which, we have explained, includes evidence of foreign intelligence crimes. On the other hand, Congress accepted the dichotomy between foreign intelligence and law enforcement by adopting the significant purpose test. Nevertheless, it is our task to do our best to read the statute to honor congressional intent. The better reading, it seems to us, excludes from the purpose of gaining foreign intelligence information a sole objective of criminal prosecution. We therefore reject the government’s argument to the contrary. Yet this may not make much practical difference. Because, as the government points out, when it commences an electronic surveillance of a foreign agent, typically it will not have decided whether to prosecute the agent (whatever may be the subjective intent of the investigators or lawyers who initiate an investigation). So long as the government entertains a realistic option of dealing with the agent other than through criminal prosecution, it satisfies the significant purpose test.

The important point is–and here we agree with the government–the Patriot Act amendment, by using the word “significant,” eliminated any justification for the FISA court to balance the relative weight the government places on criminal prosecution as compared to other counterintelligence responses. If the certification of the application’s purpose articulates a broader objective than criminal prosecution–such as stopping an ongoing conspiracy–and includes other potential non-prosecutorial responses, the government meets the statutory test. Of course, if the court concluded that the government’s sole objective was merely to gain evidence of past criminal conduct–even foreign intelligence crimes–to punish the agent rather than halt ongoing espionage or terrorist activity, the application should be denied.

The government claims that even prosecutions of non-foreign intelligence crimes are consistent with a purpose of gaining foreign intelligence information so long as the government’s objective is to stop espionage or terrorism by putting an agent of a foreign power in prison. That interpretation transgresses the original FISA. It will be recalled that Congress intended section 1804(a)(7)(B) to prevent the government from targeting a foreign agent when its “true purpose” was to gain non-foreign intelligence information–such as evidence of ordinary crimes or scandals. See supra at p.14. (If the government inadvertently came upon evidence of ordinary crimes, FISA provided for the transmission of that evidence to the proper authority. 50 U.S.C. § 1801(h)(3).) It can be argued, however, that by providing that an application is to be granted if the government has only a “significant purpose” of gaining foreign intelligence information, the Patriot Act allows the government to have a primary objective of prosecuting an agent for a non-foreign intelligence crime. Yet we think that would be an anomalous reading of the amendment. For we see not the slightest indication that Congress meant to give that power to the Executive Branch. Accordingly, the manifestation of such a purpose, it seems to us, would continue to disqualify an application. That is not to deny that ordinary crimes might be inextricably intertwined with foreign intelligence crimes. For example, if a group of international terrorists were to engage in bank robberies in order to finance the manufacture of a bomb, evidence of the bank robbery should be treated just as evidence of the terrorist act itself. But the FISA process cannot be used as a device to investigate wholly unrelated ordinary crimes.

Hogan ignores three key parts of this passage. First, FISCR’s decision only envisions the use of evidence against the target of the surveillance, not against his interlocutors, to in some way neutralize him. Any US person information collected and retained under 702 is, by definition, not the targeted person (whereas he or she might be in a traditional FISA order). Furthermore, FBI’s queries of information collected under 702 will find and use information that has nothing to do with putting foreign agents in prison — that is, to “investigate wholly unrelated ordinary crimes,” which FISCR prohibited. Finally, by searching data that may be years old for evidence of a crime, FBI is, in effect, “gaining evidence of past criminal conduct” — itself prohibited by FISCR — of someone who isn’t even the target of the surveillance.

Hogan only treats querying for criminal purposes

Having, in my opinion, expanded on what FISCR authorized back in 2002, Hogan then ignores several parts of what FBI querying permits.

Here’s (some of) the language FBI added to its minimization procedures, at the suggestion of PCLOB, to finally, after 8 years, fully disclose what it was doing to the FISC.

It is a routine and encouraged practice for FBI to query databases containing lawfully acquired information, including FISA-acquired information, in furtherance of the FBI’s authorized intelligence and law enforcement activities, such as assessments, investigations and intelligence collection. Section III.D governs the conduct of such queries. Examples of such queries include, but are not limited to, queries reasonably designed to identify foreign intelligence information or evidence of a crime related to an ongoing authorized investigation or reasonably designed queries conducted by FBI personnel in making an initial decision to open an assessment concerning a threat to national security, the prevention or protection against a Federal crime, or the collection of foreign intelligence, as authorized by the Attorney General Guidelines. These examples are illustrative and neither expand nor restrict the scope of the queries authorized in the language above.

This language makes clear FBI may do back door searches for:

To identify foreign intelligence information

To identify evidence of a crime related to an ongoing investigation

To decide whether to open an assessment concerning a threat to national security, the prevention or protection against a Federal crime, or the collection of foreign intelligence

Other things, because FBI’s use of such queries “are not limited to” these uses

Given Hogan’s stingy citations from Jeffress’ brief, it’s unclear how much of these things she addressed (or whether she was permitted to introduce knowledge gained from having worked closely with Eric Holder when these back door searches were being formalized).

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

In a piece on the GCHQ and NSA failure to identify David Headley’s role in the Mumbai terrorist attack, ProPublica quotes former CIA officer Charles Faddis on the value of bulk surveillance.

“I’m not saying that the capacity to intercept the communications is not valuable,” said Charles (Sam) Faddis, a former C.I.A. counterterror chief. “Clearly that’s valuable.” Nonetheless, he added, it is a mistake to rely heavily on bulk surveillance programs in isolation.

“You’re going to waste a lot of money, you’re going to waste a lot of time,” Faddis said. “At the end, you’re going have very little to show for it.”

The article as a whole demonstrates that in a manner I’m fairly shocked about. The NSA failed to recognize what it had in intelligence collected on Headley’s role in the attack even after the attack because they hadn’t correlated his known birth name with the name he adopted in the US.

Headley represents another potential stream of intelligence that could have made a difference before Mumbai. He is serving 35 years in prison for his role. He was a Pakistani-American son of privilege who became a heroin addict, drug smuggler and DEA informant, then an Islamic terrorist and Pakistani spy, and finally, a prize witness for U.S. prosecutors.

In recounting that odyssey, we previously explored half a dozen missed opportunities by U.S. law enforcement to pursue tips from Headley’s associates about his terrorist activity. New reporting and analysis traces Headley’s trail of suspicious electronic communications as he did reconnaissance missions under the direction of Lashkar and Pakistan’s Inter-Services Intelligence Directorate (ISI).

Headley discussed targets, expressed extremist sentiments and raised other red flags in often brazen emails, texts and phone calls to his handlers, one of whom worked closely on the plot with Shah, the Lashkar communications chief targeted by the British.

U.S. intelligence officials disclosed to me for the first time that, after the attacks, intensified N.S.A. monitoring of Pakistan did scoop up some of Headley’s suspicious emails. But analysts did not realize he was a U.S.-based terrorist involved in the Mumbai attacks who was at work on a new plot against Denmark, officials admitted.

The sheer volume of data and his use of multiple email addresses and his original name, Daood Gilani, posed obstacles, U.S. intelligence officials said. To perfect his cover as an American businessman, Headley had legally changed his name in 2006.

“They detected a guy named ‘Gilani’ writing to bad guys in Pakistan, communicating with terror and ISI nodes,” a senior U.S. intelligence official said. “He wrote also in fluent Urdu, which drew interest. Linking ‘Gilani’ to ‘Headley’ took a long time. The N.S.A. was looking at those emails post-Mumbai. It was not clear to them who he was.”

As I’ve explained, one of the things NSA does with all its data is to “correlate” selectors, so that it maps a picture of all the Internet and telecom (and brick and mortar, where they have HUMINT) activities of a person using the multiple identities that have become common in this day and age. This is a core function of the NSA’s dragnets, and it works automatically on EO 12333 data (and worked automatically on domestically-collected phone and — probably — Internet metadata until 2009).

When you think about it, there are some easy ways of matching online identities (going to a provider, mapping some IP addresses). And even the matching of “burner” IDs can be done with 94% accuracy, at least within AT&T’s system, according to AT&T’s own claims.

The NSA says they didn’t do so here because Headley had changed his name.

Headley, recall, was a DEA informant. Which means, unless these intelligence agencies are far more incompetent than I believe they are, this information was sitting in a government file somewhere: “Daood Gilani, the name of a known Urdu-fluent informant DEA sent off to Pakistan to hang out with baddies = David Headley.” Unless Headley adopted the new name precisely because he knew it would serve to throw the IC off his trail.

And yet … NSA claims it could not, and did not, correlate those two identities and as a result didn’t even realize Headley was involved in the Mumbai bombing even after the attack.

Notably, they claim they did not do so because of the “sheer volume of data.”

In short, according to the NSA’s now operative story (you should click through to read the flaccid apologies the IC offered up for lying about the value of Sections 215 and 702 in catching Headley), the NSA’s dragnet failed at one of its core functions because it is drowning in data.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

https://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.png00emptywheelhttps://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.pngemptywheel2015-04-21 10:44:242015-04-21 10:46:13NSA's Dragnet Failed to "Correlate" David Headley's Identity, One of Its Core Functions

I’m still deep in this 9/11 Follow-up Report FBI, which Jim Comey and now-retired Congressman Frank Wolf had done last year and which released the unsurprising topline conclusion that Jim Comey needs to have more power, released earlier this week.

About the only conclusion in the report that Comey disagreed with — per this Josh Gerstein report — is that it should get out of the business of Countering Violent Extremism.

Comey said he agreed with many of the report’s recommendations, but he challenged the proposal that the FBI leave counter-extremism work to other agencies.

“I respectfully disagree with the review commission,” the director said. “It should not be focused on messages about faith it should not be socially focused, but we have an expertise … I have these people who spend all day long thinking dark thoughts and doing research at Quantico, my Behavioral Analysis Unit. They have an incredibly important role to play in countering violent extremism.”

Here’s what the report had to say about FBI and CVE (note, this is a profoundly ahistorical take on the serial efforts to CVE, but that’s just one of many analytical problems with this report).

The FBI, like DHS, NCTC, and other agencies, has made an admirable effort to counter violent extremism (CVE) as mandated in the White House’s December 2011 strategy, Empowering Local Partners to Prevent Violent Extremism in the United States. In January 2012, the FBI established the Countering Violent Extremism Office (CVEO) under the National Security Branch.322 The CVEO was re-aligned in January 2013 to CTD’s Domestic Terrorism Operations Section, under the National JTTF, to better leverage the collaborative participation of the dozens of participating agencies in FBI’s CVE efforts.323 Yet, even within FBI, there is a misperception by some that CVE efforts are the same as FBI’s community outreach efforts. Many field offices remain unaware of the CVE resources available through the CVEO.324 Because the field offices have to own and integrate the CVE portfolio without the benefit of additional resources from FBI Headquarters, there is understandably inconsistent implementation. The Review Commission, through interviews and meetings, heard doubts expressed by FBI personnel and its partners regarding the FBI’s central role in the CVE program. The implementation had been inconsistent and confusing within the FBI, to outside partners, and to local communities.325 The CVEO’s current limited budget and fundamental law enforcement and intelligence responsibilities do not make it an appropriate vehicle for the social and prevention role in the CVE mission. Such initiatives are best undertaken by other government agencies. The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

[snip]

(U) Recommendation 6: The Review Commission recommends that the primary social and prevention responsibilities for the CVE mission should be transferred from the FBI to DHS or distributed among other agencies more directly involved with community interaction.

For what it’s worth, Muslim communities increasingly agree that the FBI — and the federal government generally — should not be in the business of CVE. But that’s largely because the government approaches it with the same view Comey does: by thinking immediately of his analysts thinking dark thoughts at Quantico. So if some agency that had credibility — if some agency had credibility — at diverting youth (of all faiths) who might otherwise get caught in an FBI sting, I could support it moving someplace else, but I’m skeptical DHS or any other existing federal agency is that agency right now.

While the Review doesn’t say explicitly in this section what it wants the FBI to be doing instead of CVE, elsewhere it emphasizes that it wants the FBI to do more racial profiling (AKA “domain awareness”) and run more informants. Thus, I think it fair to argue that the Ed Meese-led panel thinks the FBI should spy on Muslims, not reach out to them. Occupation-style federal intelligence gathering, not community based.

Which is why I think this approach to Muslim communities should be compared directly with the Review’s approach with corporations. The same report that says FBI should not be in the business of CVE — which done properly is outreach to at-risk communities — says that it should accelerate and increase its funding for its outreach to the private sector.

(U) Recommendation 5: The Review Commission recommends that the FBI enhance and accelerate its outreach to the private sector.

(U) The FBI should work with Congress to develop legislation that facilitates private companies’ communication and collaboration and work with the US Government in countering cyber threats.

(U) The FBI should play a prominent role in coordinating with the private sector, which the Review Commission believes will require a full-time position for a qualified special agent in the relevant field offices, as well as existing oversight at Headquarters.

Indeed, in a paragraph explaining why the FBI should add more private sector liaisons (and give them the same credit they’d get if they recruited corporations as narcs, only corporations shouldn’t be called “sources” because it would carry the stigma of being a narc), the Review approvingly describes the FBI liaison officers working with corporations to promote better Internet hygiene.

The Review Commission learned that the FBI liaison positions have traditionally been undervalued but that has begun to change as more experienced special agents take on the role, although this has not yet resulted in adequate numbers of assigned special agents or adequate training for those in the position. One field office noted that it had 400 cleared defense contractors (CDCs) in its AOR—ranging from large well known names to far smaller enterprises—with only one liaison officer handling hundreds of CDCs. This field office emphasized the critical need for more liaison officers to conduct outreach to these companies to promote better internet hygiene, reduce the number of breaches, and promote long-term cooperation with the FBI.319 Another field office noted, however, some sensitivity in these liaison relationships because labeling private sector contacts as sources could create a stigma. The field office argued that liaison contacts should be considered valuable and special agents should receive credit for the quality of liaison relationships the same way they do for CHSs.320

Ed Meese’s panel wants the FBI to do the digital equivalent of teaching corporations to blow their nose and wash their hands after peeing, but it doesn’t think the FBI should spend time reaching out to Muslim communities but should instead spy on them via paid informants.

Maybe there are good reasons for the panel’s disparate recommended treatment of corporations and Muslim communities. If so, the Review doesn’t explain it anywhere (though the approach is solidly in line with the Intelligence Committees’ rush to give corporations immunity to cyber share information with the federal government).

But it does seem worth noting that this panel has advocated the nanny state for one stakeholder and STASI state for another.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

As part of its cooperation with New Zealand’s best journalist on that country’s SIGINT activities, Nicky Hager, the Intercept has published a story on the targets of a particular XKeyscore query (note: these stories say the outlets obtained this document; they don’t actually say they obtained it from Edward Snowden): top officials in the Solomon Islands and an anti-corruption activist there.

Aside from the targets, which I’ll get to, the story is interesting because it shows in greater detail than we’ve seen what an XKS query looks like. It’s a fairly standard computer query, though initiated by the word “fingerprint.” Some of it is consistent with what Snowden has described fingerprints to include: all the correlated identities that might be associated with a search. The query searches on jremobatu — presumably an email unique name — and James Remobatu, for example. As I have noted, if they wanted to target all the online activities of one particularly person — say, me! — they would add on all the known identifiers, so emptywheel, @emptywheel, Marcy Wheeler, and all the cookies they knew to be associated with me.

What’s interesting, though, is this query is not seeking email or other Internet communication per se. It appears to be seeking documents, right out of a file labeled Solomon government documents. Those may have been pulled and stored as attachments on emails. But the query highlights the degree to which XKS sucks up everything, including documents.

Finally, consider the target of the query. As both articles admit, the reason behind some of the surveillance is understandable, if sustained. Australia and New Zealand had peacekeepers in the Solomons to deal with ethnic tensions there, though were withdrawing by January 2013 when the query was done. The query included related keywords.

In the late 1990s and early 2000s the islands suffered from ethnic violence known as “The Tensions.” This led to the 2003 deployment to the Solomons of New Zealand, Australian and Pacific Island police and military peacekeepers. By January 2013, the date of the target list, both New Zealand and Australia were focused on withdrawing their forces from the island country and by the end of that year they were gone.

The XKEYSCORE list shows New Zealand was carrying out surveillance of several terms associated with militant groups on the island, such as “former tension militants,” and “malaita eagle force.” But with the security situation stabilized by 2013, it is unclear why New Zealand spies appear to have continued an expansive surveillance operation across the government, even tailoring XKEYSCORE to intercept information about an anti-corruption campaigner.

More specifically, however, the query was targeting not the militants, but the Truth and Reconciliation process in the wake of the violence.

I would go further than these articles, however, and say I’m not surprised the Five Eyes spied on a Truth and Reconciliation process. I would fully expect NSA’s “customer” CIA to ask it to track the South African and Colombian Truth and Reconciliation processes, because the CIA collaborated in the suppression of the opposition in both cases (going so far as providing the intelligence behind Nelson Mandela’s arrest in the former case). While I have no reason to expect CIA was involved in the Solomons, I would expect one or more of the myriad intelligence agencies in the Five Eyes country was, particularly given the presence of Aussie and Kiwi peacekeepers there. And they would want to know how their role were being exposed as part of the Truth and Reconciliation process. This query would likely show that.

Which brings me to the point the activist in question, Benjamin Afuga (who sometimes publishes leaked documents) made: this spying, which would definitely detail all cooperation between him and the government, might also reveal his sources.

Benjamin Afuga, the anti-corruption campaigner, said he was concerned the surveillance may have exposed some of the sources of the leaks he publishes online.

“I’m an open person – just like an open book,” Afuga said. “I don’t have anything else other than what I’m doing as a whistleblower and someone who exposes corruption. I don’t really understand what they are looking for. I have nothing to hide.”

Ah, but Afuga does have things to hide: his sources. And again, if one or another Five Eyes country had intelligence operatives involved both during the tensions and in the peace keeping process, they would definitely want to know them.

Again, this is all standard spying stuff. I expect CIA (or any other HUMINT agency) would want to know if they’re being talked about and if so by whom — I even expect CIA does a more crude version of this within the US about some of its most sensitive topics, not least because of the way they went after the SSCI Torture investigators.

But this query does provide a sense of just how powerful this spying is in a world when our communications aren’t encrypted.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

I’ve long been tracking the case of Minh Quang Pham, whom I call the “graphic artist of mass destruction” because he is accused of helping Samir Khan on Inspire.

He was detained in the UK back in July 2011 (see the timeline). That December, the UK government tried to strip him of citizenship, but failed because that would have left him stateless (he’s originally from Vietnam but the government doesn’t treat him as a citizen). He was quickly charged here when efforts to strip him of UK citizenship failed. But since then, his citizenship case has been wending its way through the British courts.

Throughout this period, it was not officially recognized that Pham was the guy fighting for his citizenship.

Today and yesterday, his case was finally heard before UK’s Supreme Court, and his name made public. Here’s the Open Society report on his case (which also has a timeline!).

I suppose, if Pham loses, he will be sent to NY for trial. If he wins, he will force the UK to charge him there, which for a variety of reasons may get interesting. Remember: Pham should know the informant behind the UndieBomb 2.0 attack. Which may be why everyone wants to try him over here.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The NYT brought in Will Arkin (partnering with Eric Lichtblau) to talk about the proliferation of the use of undercover officials in government agencies. The Supreme Court, IRS, the Smithsonian, and DOD are all playing dress up to spy on Americans (and the IRS permits agents to pretend to be lawyers, doctors, clergy, and journalists).

The article makes it clear that — as might be imagined — the drug war is the most common focus of these undercover officers.

More than half of all the work they described is in pursuit of the illicit drug trade. Money laundering, gangs and organized crime investigations make up the second-largest group of operations.

But it doesn’t really step back and look at who else is getting targeted, which I’ve tried to lay on in this stable.

There are several concerning aspects of this list. I’m hoping the Smithsonian is using under cover officers solely to police the Holocaust and similar museums; the Holocaust museum, after all, has been targeted by a right wing terrorist recently. I might see the point on the Washington Memorial. But I do hope they’re no patrolling the Air and Space Museum because they might catch people who, like I did when I was in fifth grade, use the museum as a playground for stupid pre-teen drama while on a field trip.

DOD’s expanded use of undercover officers to target Americans is very troubling. The 9th Circuit recently threw out a conviction because the Navy had initiated the case searching data in the guise of protecting Spokane’s bases. I suspect, in response, the government will just get more assiduous at laundering such investigations. And it would be highly improper for them to do so clandestinely.

That said, this table is just as telling for what it doesn’t include as what it does.

If USDA is going undercover, why not send undercover inspectors to work in food processing plants, as a great way to not only show the food safety violations, but also the labor violations? Why not go undercover to investigate CAFOs?

The big silence, however, is about bank crime. While I’m sure SEC uses some undercover officers to investigate financial crime, you don’t hear of it anymore, since the failed Goldman prosecution. And we know FBI gave up efforts to use undercover officers to investigate (penny ante) mortgage fraud crime because, well, it just forgot.

But when DOJ’s Inspector General investigated what FBI did when it was given $196 million between 2009 and 2011 to investigate (penny ante) mortgage fraud, FBI’s focus on the issue actually decreased (and DOJ lied about its results). When FBI decided to try to investigate mortgage fraud proactively by using undercover operations, like it does terrorism and drugs, its agents just couldn’t figure out how to do so (in many cases Agents were never told of the effort), so the effort was dropped.

So it’s not just that Agencies are using undercover officers to investigate every little thing, including legitimate dissent, with too little oversight.

Its also that the government, as a whole, is using this increasingly to investigate those penny ante crimes, but not the biggest criminals, like the banksters. So long as the choice of these undercover operations reflects inherent bias (and it always has, especially in the war on drugs), then the underlying structure is illegitimate.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Jim Comey, seemingly intent on squandering once limitless credibility in record time, has written a letter to the NYT to explain two of the FBI’s deceptive operations reported recently. The one that’s getting the attention — his admission that an agent posed as an AP reporter to catch a teenager making bomb threats — actually comes off as the less indefensible response.

Relying on an agency behavioral assessment that the anonymous suspect was a narcissist, the online undercover officer portrayed himself as an employee of The Associated Press, and asked if the suspect would be willing to review a draft article about the threats and attacks, to be sure that the anonymous suspect was portrayed fairly.

[snip]

That technique was proper and appropriate under Justice Department and F.B.I. guidelines at the time. Today, the use of such an unusual technique would probably require higher level approvals than in 2007, but it would still be lawful and, in a rare case, appropriate.

Sure, the FBI decided to dress up as the press to catch someone who hadn’t yet done real harm. Sure, they did it to deliver malware, basically a classic hack. Sure, it could have played to this kid’s narcissistic tendencies using any number of other fake identities. Sure, this was ultimately going to get made at least as public as a court docket, which does undermine the credibility of a brand name press outlet. But it was a fairly limited operation, that wouldn’t have generated this much attention if Chris Soghoian (in the process of writing a brief to prevent the FBI to hack with even fewer limits) weren’t such a meddling hippie.

The Las Vegas case is still in litigation, so there is little we can say, but it would have been better to wait for the government’s response and a court decision before concluding that the F.B.I. engaged in abusive conduct.

Every undercover operation involves “deception,” which has long been a critical tool in fighting crime. The F.B.I.’s use of such techniques is subject to close oversight, both internally and by the courts that review our work.

“It would have been better to wait for the government’s response and a court decision before concluding that the F.B.I. engaged in abusive conduct”???

Now, the reason the press picked up on this story is because the well-heeled defendants have superb lawyers who wrote a brief that is both engaging and chock full of evidence. The brief starts by laying out the stakes that matter for you and I, even if in this case they affect a bunch of Malaysian men who may have ties to Asian organized crime.

The next time you call for assistance because the internet service in your home is not working, the “technician” who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and–when he shows up at your door, impersonating a technician–let him in. He will walk through each room of your home, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to obtain a search warrant. But that makes no difference, because by letting him in, you will have “consented” to an intensive search of your home.

Jim Comey thinks the press shouldn’t report on this until after the government has had its shot at rebuttal? Does he feel the same about the army of FBI leakers who pre-empt defense cases all the time? Does Comey think it improper for his FBI to have released this press release, upon defendant Wei Seng Phua’s arrest, asserting that he is a member of organized crime as a fact and mentioning a prior arrest (not a conviction) that may or may not be deemed admissible to this case?

According to the criminal complaint, Wei Seng Phua, is known by law enforcement to be a high ranking member of the 14K Triad, an Asian organized crime group. On or about June 18, 2013, Phua was arrested in Macau, along with more than 20 other individuals, for operating an illegal sport book gambling business transacting illegal bets on the World Cup Soccer Tournament. Phua posted bail in Macau and was released.

I didn’t see the FBI Director complaining about press stories, written in response to the press release, reported before the defense had been able to present their side.

The point is, one reason we have laws governing open access to court documents — which the government limits all the time (including with claims about a broad need to hide the methods of its deception) — is so both sides get a bid to make their case, both before judges and before the public. Another reason is so that the press can act as a check on something that may be legal, but probably shouldn’t be.

It may well be that FBI gets to use the evidence from their cable repairman scheme (given that superstar appellate lawyer Tom Goldstein is on the case, the defendants probably don’t think this is as big of a slam dunk as the press has, probably because Caesars, a competitor with the Asian mob in the gambling industry, was a willing participant in the scheme, including turning off the cable service). But that’s an entirely different question from whether they should, for precisely the reason the brief lays out: because if the FBI can turn off our cable to set up a cable repairman cover, then it undermines the principle of consensual searches.

These guys may or may not be douchebag Asian mobsters. But they are also being tried in the United States, which still subjects its criminal procedure to fairly broad but by no means unlimited press scrutiny.

Which means the press gets to weigh in. The defense gets to make their case, and if they make a compelling case, the press will report it, just as they almost always report FBI press releases on face value, as they did in this case (to say nothing of FBI’s leaks).

Jim Comey, himself a master at working the press, should expect that, and if he wants his FBI to remain credible, should ensure their undercover operations are not just “legal” and “proper” but also “wise.”

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

https://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.png00emptywheelhttps://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.pngemptywheel2014-11-07 10:27:012014-11-07 10:41:40Jim Comey Scolds the Press for Reporting on a Court Filing

At Salon yesterday, I pushed back against the Apple hysteria again. In it, I look at the numbers that suggest far more Apple handsets are searched under the border exception than using warrants.

Encrypting iPhones might have the biggest impact on law enforcement searches that don’t involve warrants, contrary to law enforcement claims this is about warranted searches. As early as 2010, Customs and Border Patrol was searching around 4,600 devices a year and seizing up to 300 using what is called a “border exception.” That is when CBP takes and searches devices from people it is questioning at the border. Just searching such devices does not even require probable cause (though seizing them requires some rationale). These searches increasingly involve smart phones like the iPhone.

These numbers suggest border searches of iPhones may be as common as warranted searches of the devices. Apple provided account content to U.S. law enforcement 155 times last year. It responded to 3,431 device requests, but the “vast majority” of those device requests involved customers seeking help with a lost or stolen phone, not law enforcement trying to get contents off a cell phone (Consumer Reports estimates that 3.1 million Americans will have their smart phones stolen this year). Given that Apple has by far the largest share of the smart phone market in the U.S., a significant number of border device searches involving a smart phone will be an iPhone. Apple’s default encryption will make it far harder for the government to do such searches without obtaining a warrant, which they often don’t have evidence to get.

Almost 20% of Americans this year will have an iPhone, and that number will be far higher among those who fly internationally. If only 20% of 5,000 border searches involve iPhones, then there are clearly more border iPhone searches than warranted ones.

Meanwhile, we have an appalling new look at what law enforcement does once it gets inside your smart phone. A woman in Albany is suing DEA because — after she permitted DEA to conduct a consensual search of her phone — DEA then took photos obtained during the search, including one of her wearing only underwear, and made a fake Facebook page for her with them. They even sent a friend request to a fugitive and accepted other friend requests. They also posted pictures of her son and niece, on a site intended to lure those involved in the drug trade.

And they consider this a legitimate law enforcement activity!

In a court filing, a U.S. attorney acknowledges that, unbeknownst to Arquiett, Sinnigen created the fake Facebook account, posed as her, posted photos, sent a friend request to a fugitive, accepted other friend requests, and used the account “for a legitimate law enforcement purpose.”

The government’s response lays out an argument justifying Sinnigen’s actions: “Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic].”

To be sure, DEA and FBI would still be able to obtain consensual access to phones, as they did in this case, by threatening people with harsher charges if they don’t cooperate (which appears to be how they got her to cooperate).

But this demonstrates just how twisted is the government’s view of legitimate use of phone data. The next time you hear a top officer wail about pedophiles, you might ask whether they’re actually the one planning to post sexy pictures.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Last week, 43 reserve members of Israel’s equivalent to the NSA, Unit 8200, released a letter announcing they would refuse to take actions against Palestinians because the spying done on them amounts to persecution of innocent people. The IDF has responded the same way government agencies here would — scolding the whistleblowers for not raising concerns in official channels. But the letter has elicited rare public discussion about the ethics and morality of spying.

One of the allegations made by the refuseniks highlighted in the English press is that Israel used SIGINT to recruit collaborators, which in turn divides the Palestinian community.

The Palestinian population under military rule is completely exposed to espionage and surveillance by Israeli intelligence. While there are severe limitations on the surveillance of Israeli citizens, the Palestinians are not afforded this protection. There’s no distinction between Palestinians who are, and are not, involved in violence. Information that is collected and stored harms innocent people. It is used for political persecution and to create divisions within Palestinian society by recruiting collaborators and driving parts of Palestinian society against itself. In many cases, intelligence prevents defendants from receiving a fair trial in military courts, as the evidence against them is not revealed. Intelligence allows for the continued control over millions of people through thorough and intrusive supervision and invasion of most areas of life. This does not allow for people to lead normal lives, and fuels more violence further distancing us from the end of the conflict. [my emphasis]

These refuseniks, apparently, have access both to the intelligence they collect and how it is used. That means they’re in a position to talk about the effects of Unit 8200’s spying. And press coverage has made it sound like something that would uniquely happen to occupied Palestinians.

It’s not.

We know of one way that the NSA’s dragnet is definitely being used to recruit informants (aka collaborators), and another whether it it permissible to use.

The first way is via the phone dragnet. As I have noted, the government has twice told the FISA Court — once in 2006 and once in 2009 — that FBI uses dragnet derived information to identify people who might cooperate (aka inform or collaborate) in investigations. Once people come up on a 2-degree search, they are dumped into the corporate store indefinitely, data mined with sufficient information to find embarrassing and illegal things. Apparently, FBI uses such data to coerce cooperation, though we have no details on the process.

All the revealing things metadata shows? The government uses that information to obtain informants.

One way the government probably does this is by using the connections identified by metadata analysis (remember, this is not just phone and Internet data, but also includes financial and travel data, at a minimum) to put people on the No Fly list, regardless of whether they are a real threat to this country. Then, No Fly listees have alleged, FBI promises help getting them off that life-altering status if they inform on their community.

More troubling still is FBI’s uncounted use of warrantless back door searches of US person content when conducting assessments. As I noted, in addition to doing assessments in response to “tips,” the FBI will use them to profile communities or identify potential informants.

As the FBI’s Domestic Investigations and Operations Guide describes, assessments are used for “prompt and extremely limited checking out of initial leads.” No factual predicate (that is, no real evidence of wrong-doing) is required before the FBI starts an assessment. While FBI cannot use First Amendment activities as the sole reason for assessments, they can be considered. In addition to looking into leads about individual people, FBI uses assessments as part of the process for Domain Assessments (what FBI calls their profiling of Muslim communities) and the selection of informants to try to recruit. In some cases, an Agent doesn’t need prior approval to open an assessment; in others, they may get oral approval (though for several kinds, an Agent must get a formal memo approved before opening an assessment). And while Agents are supposed to record all assessments, for some assessments, they’re very cursory reports — basically complaint forms. That is, for certain types of assessments, FBI is not generating its most formal paperwork to track the process.

So while I can’t point to a DOJ claim to FISC that these back door searches are useful because they help find informants, it appears to be possible. Plus, as early as 2002, Ted Olson said they would use evidence of rape collected using traditional FISA to talk someone into cooperating (aka inform or collaborate); that was the reason he gave for blowing the wall between intelligence and criminal investigations to smithereens.

Indeed, knowing the way the government uses phone dragnet information as an index to collected content, the government may well use phone dragnet metadata to pick which Americans to subject to warrantless back door searches.

It sounds really awful when we hear about Israel using SIGINT — including information we provide without minimizing it — to spy on Palestinians.

But we have a good deal of reason to believe the US intelligence community — in collaboration — does similar things, spying on Muslim communities and using SIGINT to recruit collaborators that end up sowing paranoia and distrust in the communities.

Not only don’t we have a group of refuseniks who, among themselves, can explain how all of this works. But how the FBI uses all this data is precisely what the government intends to keep secret under the so-called “transparency” provisions of USA Freedom Act. While I will provide more detail in a follow-up post, remember that the FBI refuses to count its back door searches, which means it would be almost impossible for anyone to get a real sense of how these warrantless back door searches on US persons are used. It also has asserted it does not need to disclose evidence derived from Section 215 to criminal defendants, which is another way the evidence against defendants gets hidden.

It’s awful that Israel is doing it. But it’s even worse that we’re almost certainly doing the same, but that we can only find hints of how it is being done.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

https://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.png00emptywheelhttps://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.pngemptywheel2014-09-19 13:26:082014-09-19 13:36:44Unit 8200 Refuseniks Make Visible for Israel What Remains Invisible in the US